It is recommended to disable public new user registrations or to be careful with:

Default user settings - it is common for new users to do these mistakes:

DO NOT put any initial balance - if you do so you will give money for calling for your new customers for free - such service is often abused and one or more users make a lot of of free account registrations to call for free.

DO NOT MAKE USER POSTPAID - if you do so with public registrations enabled and you set any credit for that user (it can also be automatically applied from default user settings) - that user will be allowed to call for free and you risk that the unknown customer will not pay you.

DO NOT GIVE ANY CREDIT in default user settings - if a credit is given and the user is postpaid - he is allowed to call till he reaches this limit. Very dangerous when being used with public user registrations.

Do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about this here, here and here.

Use Action log feature in MOR to monitor suspicious users actions in MOR system. Keep an eye on Hacking attempt messages here - they indicate that the user is trying to access MOR GUI places/features which are not allowed for him to use. More information about Action log can be found here.

It is a default Linux firewall and is installed by default in all MOR systems. Although additional configuration is needed in order it would protect you:

Configure iptables that it would accept connections only to ports required for MOR system to work. More information about these ports can be found here.

Allow connections to SSH (default TCP Port: 22) only from support.kolmisoft.com and systems you trust.

If MOR GUI is not required for your business model - you can block access to it too (Default TCP ports: 80/443). Only remember to allow access to it from support.kolmisoft.com and the systems you trust.

By default Fail2Ban blocks calls (IP address sending those calls) with HGC 200 when there are 20 or more such attempts / minute - it is a safe limit which should never be reached by normal users. This behavious can be easy adjusted. See this guide how to achieve this.